Sujet Précédent Sujet Suivant

Des espiogiciels qui me gene

Fermé
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007 - 3 déc. 2007 à 01:19
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 - 22 déc. 2007 à 00:54
Bonjour,
prière m'aider à resoudre le pb de ces espiogiciels qui bloque l'exploitation normal de mon pc, j'ai scan le pc , les raports :
avec le Hijackthis

Scan saved at 23:44:25, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\nmsl.exe,C:\WINDOWS\system32\csrml.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {0acb987a-962d-81b8-d014-6bf57d230673} - {376032d7-5fb6-410d-8b18-d269a789bca0} - C:\WINDOWS\system32\kymhdccd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DA745B12-C113-4E0B-B91F-23849830E6D3} - C:\WINDOWS\system32\ddaba.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Windows Network Management and Security Layer] "C:\WINDOWS\system32\nmsl.exe" *
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Client/Server Runtime Management Layer] "C:\WINDOWS\system32\csrml.exe" *
O4 - HKLM\..\Run: [ac4a67d1] rundll32.exe "C:\WINDOWS\system32\dfjrepbh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYMA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cbeed71290af40dd8fee2a7fa176e9db
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cbeed71290af40dd8fee2a7fa176e9db
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O20 - Winlogon Notify: jkkjhgf - jkkjhgf.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Windows Client/Server Runtime Management Layer (CSRML) - Unknown owner - C:\WINDOWS\system32\csrml.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\epyupklh.exe (file missing)
O23 - Service: Print Spooler Service (e36iuaugyuz) - Unknown owner - C:\WINDOWS\system32\oxzr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/user1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

24 réponses

  • 1
  • 2
Réponse 1 / 24
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
3 déc. 2007 à 10:45
Coucou Marie,
Al.
0
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
3 déc. 2007 à 10:49
Coucou Al.
FM.
0
Réponse 2 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
4 déc. 2007 à 23:00
Bonjour
merci pour l'aide, voici le rapport que tu m'a demandé

BTFix 1.064 (par bibi26) - 05/12/2007 21:48:47 - Analyse
Lancé depuis C:\Documents and Settings\user1\Bureau\BTFix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
- C:\Program Files\MyWebSearch
- C:\Program Files\FunWebProducts

---> Analyse terminée
que dieu vous protége
cordialement
0
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
5 déc. 2007 à 08:58
Bonjour

Tu navigues sans anti-virus ??
Installes-en un... ► urgent

As-tu fait le nécessaire ???



Démarrer en Mode sans échec. Attention, tu n'as pas accès à Internet dans ce mode, note bien ce que tu as à faire.
(Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.


* Démarre l'ordinateur.
* Une fois le chargement du BIOS terminé, il y a un écran noir.
* Appuie sur la touche F8 ou F5, à répétition jusqu'à l'affichage du menu des options avancées de Windows.
* En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuie sur Entrée.
* Choisis ton compte usuel et non Administrateur.

* Ouvre BTFix
* Clique sur "Nettoyer"
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
-1
Réponse 3 / 24
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
5 déc. 2007 à 12:09
Bonjour Info1966

Sur sa demande, je prends la suite de Marie qui risque d'etre absente quelques temps.

J'attends ton rapport BTFix.

Puis fais ce qui suit :

Télécharge Combofix.exe de sUBs sur ton Bureau,

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement

Double clique sur Combofix.exe
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan
Lorsque le scan sera terminé, un rapport apparaîtra.

Poste le en réponse.

Note : Le rapport se trouve également là : C:\Combofix.txt+

@ suivre
0
Réponse 4 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
6 déc. 2007 à 00:35
bonjour
voila le rapport
BTFix 1.064 (par bibi26) - 06/12/2007 23:19:03 - Nettoyage - Mode sans échec
Lancé depuis C:\Documents and Settings\user1\Bureau\BTFix\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés

- Fichiers temporaires effacés
- C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
- C:\Program Files\MyWebSearch
- C:\Program Files\FunWebProducts

---> Nettoyage terminé

cdt
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
6 déc. 2007 à 00:46
Bonsoir Info1966

Bien joué, on continue :

Comme expliqué dans mon message précédent :

Télécharge Combofix.exe de sUBs sur ton Bureau,

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement

Double clique sur Combofix.exe
Mets le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan
Lorsque le scan sera terminé, un rapport apparaîtra.

Poste le en réponse.

Note : Le rapport se trouve également là : C:\Combofix.txt+

@ suivre
0
Réponse 6 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
6 déc. 2007 à 00:55
bonsoir
ComboFix 07-12-02.6 - user1 2007-12-06 23:37:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\user1\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\user1\Application Data\SystemDoctor Free
C:\Documents and Settings\user1\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\user1\Application Data\WinAntiSpyware 2006
C:\Documents and Settings\user1\Application Data\WinAntiSpyware 2006\Logs\update.log
C:\Documents and Settings\user1\Application Data\winantispyware2006freeinstall_fr[1].exe
C:\Documents and Settings\user1\err.log
C:\Documents and Settings\user1\ResErrors.log
C:\Program Files\Fichiers communs\SystemDoctor
C:\Program Files\Fichiers communs\SystemDoctor\err.log
C:\Program Files\winantispyware 2006 free
C:\Program Files\WinAntiSpyware 2006 Free\Activate.dat
C:\Program Files\WinAntiSpyware 2006 Free\AsAgents.dll
C:\Program Files\winantispyware 2006 free\AsAgents.xml
C:\Program Files\winantispyware 2006 free\atl71.dll
C:\Program Files\winantispyware 2006 free\bnlink.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\appupdate.dat
C:\Program Files\winantispyware 2006 free\database\AutoProcess.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\dbupdate.dat
C:\Program Files\winantispyware 2006 free\database\enemies.dat
C:\Program Files\winantispyware 2006 free\database\knownfiles.dat
C:\Program Files\winantispyware 2006 free\database\monstate.dat
C:\Program Files\winantispyware 2006 free\database\PortSpec.ats
C:\Program Files\WinAntiSpyware 2006 Free\database\quaratine.dat\#post_quarantine
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\[u]0[/u]\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\1\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\10\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\11\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\11\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\12\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\13\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\15\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\16\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\17\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\18\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\19\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\2\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\20\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\21\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\22\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\23\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\25\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\26\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\27\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\28\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\28\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\29\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\3\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\30\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\31\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\32\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\33\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\34\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\35\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\36\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\37\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\38\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\4\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\40\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\41\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\42\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\43\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\44\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\45\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\46\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\47\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\47\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\48\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\49\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\5\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\50\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\51\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\52\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\53\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\6\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\7\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\8\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\9\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\c__\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\c__\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Menu Démarrer_Programmes_Démarrage\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Menu Démarrer_Programmes_Démarrage\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_user1_Menu Démarrer_Programmes_Démarrage\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_user1_Menu Démarrer_Programmes_Démarrage\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_inf_iereset.inf\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_inf_iereset.inf\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system32_drivers_etc_hosts\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system32_drivers_etc_hosts\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr___shellex_contextmenuhandlers\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr___shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_comfile_shell_open_command\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_comfile_shell_open_command\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_directory_shellex_contextmenuhandlers\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_directory_shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_drive_shellex_contextmenuhandlers\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_drive_shellex_contextmenuhandlers\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_exefile_shell_open_command\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_exefile_shell_open_command\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_folder_shellex_contextmenuhandlers\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_folder_shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_mime_database_content type\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_mime_database_content type\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_protocols\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_protocols\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_search\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_search\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_search\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_active setup_installed components\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_active setup_installed components\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_code store database_distribution units\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_code store database_distribution units\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_abouturls\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_abouturls\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_explorer bars\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_explorer bars\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_extensions\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_extensions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_main\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_main\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_search\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_search\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_toolbar\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_toolbar\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_urlsearchhooks\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_urlsearchhooks\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_image file execution options\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_image file execution options\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_inifilemapping\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_inifilemapping\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_windows\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_windows\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon_notify\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon_notify\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_wow_boot\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_wow_boot\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_browser helper objects\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_browser helper objects\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_sharedtaskscheduler\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_sharedtaskscheduler\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_shellexecutehooks\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_shellexecutehooks\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer_run\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer_run\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_run\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce_setup\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce_setup\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonceex\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonceex\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shell extensions_approved\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shell extensions_approved\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shellserviceobjectdelayload\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shellserviceobjectdelayload\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_url\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_url\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_windowsupdate_auto update\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_windowsupdate_auto update\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_policies_microsoft_internet explorer_restrictions\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_policies_microsoft_internet explorer_restrictions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_lsa\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_lsa\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_session manager\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_session manager\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_tcpip_parameters_interfaces\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_tcpip_parameters_interfaces\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_winsock2_parameters_protocol_catalog9_catalog_entries\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_winsock2_parameters_protocol_catalog9_catalog_entries\#name
C:\Program Files\winantispyware 2006 free\database\Summary.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\tasks.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\TEBase.dat
C:\Program Files\winantispyware 2006 free\database\threatnet.dat
C:\Program Files\WinAntiSpyware 2006 Free\err.log
C:\Program Files\WinAntiSpyware 2006 Free\InstHelp.exe
C:\Program Files\WinAntiSpyware 2006 Free\lapv.dat
C:\Program Files\winantispyware 2006 free\license.rtf
C:\Program Files\WinAntiSpyware 2006 Free\manual.url
C:\Program Files\WinAntiSpyware 2006 Free\mfc71.dll
C:\Program Files\winantispyware 2006 free\msvcp71.dll
C:\Program Files\WinAntiSpyware 2006 Free\msvcr71.dll
C:\Program Files\winantispyware 2006 free\pv.dat
C:\Program Files\WinAntiSpyware 2006 Free\readme.rtf
C:\Program Files\winantispyware 2006 free\scanlog.xml
C:\Program Files\winantispyware 2006 free\shellext.dll
C:\Program Files\winantispyware 2006 free\shellext.xml
C:\Program Files\winantispyware 2006 free\sr.log
C:\Program Files\winantispyware 2006 free\support.url
C:\Program Files\winantispyware 2006 free\unins000.dat
C:\Program Files\winantispyware 2006 free\unins000.exe
C:\Program Files\winantispyware 2006 free\up.dat
C:\Program Files\winantispyware 2006 free\updater.dat
C:\Program Files\WinAntiSpyware 2006 Free\uwas6chk.dll
C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe
C:\Program Files\WinAntiSpyware 2006 Free\uwasffNT.exe
C:\Program Files\winantispyware 2006 free\vbpv.dat
C:\Program Files\winantispyware 2006 free\was6.exe
C:\Program Files\winantispyware 2006 free\was6.xml
C:\Program Files\winantispyware 2006 free\WAS6V.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\avtjnknk.exe
C:\WINDOWS\system32\bvfidfjv.dll
C:\WINDOWS\system32\cjweixct.dll
C:\WINDOWS\system32\cnuwkdpm.exe
C:\WINDOWS\system32\dfjrepbh.dll
C:\WINDOWS\system32\dpqyhtwu.exe
C:\WINDOWS\system32\eghucbdi.dll
C:\WINDOWS\system32\ejvfxqlo.exe
C:\WINDOWS\system32\epxkknkl.exe
C:\WINDOWS\system32\epyupklh.exe
C:\WINDOWS\system32\fwyhcnic.exe
C:\WINDOWS\system32\ghgqlhjm.exe
C:\WINDOWS\system32\gslpducn.exe
C:\WINDOWS\system32\hbperjfd.ini
C:\WINDOWS\system32\hhdrvact.ini
C:\WINDOWS\system32\hjostexl.exe
C:\WINDOWS\system32\hodqwwvc.exe
C:\WINDOWS\system32\hxcblvrv.exe
C:\WINDOWS\system32\jehatpgs.exe
C:\WINDOWS\system32\ksfsugvf.exe
C:\WINDOWS\system32\kymhdccd.dll
C:\WINDOWS\system32\llxgkopm.dll
C:\WINDOWS\system32\lyexfwgi.exe
C:\WINDOWS\system32\mpokgxll.ini
C:\WINDOWS\system32\ooksdoyt.exe
C:\WINDOWS\system32\orlehcbq.dll
C:\WINDOWS\system32\qannkhpm.exe
C:\WINDOWS\system32\qbchelro.ini
C:\WINDOWS\system32\qihgolrw.exe
C:\WINDOWS\system32\qlivkdeq.exe
C:\WINDOWS\system32\qljveavv.exe
C:\WINDOWS\system32\rjcebnvx.exe
C:\WINDOWS\system32\rnxhxfde.exe
C:\WINDOWS\system32\tcavrdhh.dll
C:\WINDOWS\system32\tcxiewjc.ini
C:\WINDOWS\system32\tvhmhalg.exe
C:\WINDOWS\system32\udwystpb.exe
C:\WINDOWS\system32\vvxprpuj.exe
C:\WINDOWS\system32\wbvltcnw.exe
C:\WINDOWS\system32\yytbdncx.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-06 to 2007-12-06 ))))))))))))))))))))))))))))))))))))
.

2007-12-05 21:58 . 2007-12-05 21:58 25,754 --a------ C:\WINDOWS\IMG-0012.zip
2007-12-03 23:10 . 2007-12-03 23:10 <REP> d-------- C:\VundoFix Backups
2007-12-03 22:17 . 2007-12-03 22:29 1,265,098 ---hs---- C:\WINDOWS\system32\rrpxokdr.ini
2007-12-02 23:19 . 2007-12-02 23:19 191,608 -r-hs---- C:\WINDOWS\system32\csrml.exe
2007-12-02 22:29 . 2007-12-03 22:10 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-01 23:05 . 2007-12-01 23:05 <REP> d-------- C:\Program Files\Trend Micro
2007-12-01 21:59 . 2007-12-03 22:14 1,265,002 ---hs---- C:\WINDOWS\system32\alllhlmo.ini
2007-11-30 19:51 . 2007-12-01 21:00 1,312,305 ---hs---- C:\WINDOWS\system32\uyvdqwyr.ini
2007-11-30 19:41 . 2007-11-30 19:41 <REP> d-------- C:\Documents and Settings\user1\Application Data\AdobeUM
2007-11-30 19:22 . 2007-11-30 19:22 <REP> d-------- C:\Documents and Settings\user1\Application Data\Nokia Multimedia Player
2007-11-30 19:18 . 2007-11-30 19:18 <REP> d-------- C:\Program Files\DIFX
2007-11-30 19:12 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-11-30 18:59 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-11-30 18:59 . 2007-11-30 18:59 <REP> d-------- C:\Documents and Settings\user1\Application Data\PC Suite
2007-11-30 18:59 . 2007-11-30 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-30 18:58 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Nokia
2007-11-30 18:58 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-11-30 18:51 . 2007-11-30 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-11-30 18:47 . 2007-11-30 18:47 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-28 00:24 . 2007-11-30 18:44 1,297,494 ---hs---- C:\WINDOWS\system32\hyyieyfv.ini
2007-11-28 00:21 . 2007-11-28 00:21 <REP> d-------- C:\Program Files\CCleaner
2007-11-27 01:11 . 2007-11-27 01:11 <REP> d-------- C:\Documents and Settings\user1\Application Data\Grisoft
2007-11-27 01:10 . 2007-11-27 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 01:10 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 00:29 . 2006-09-26 13:51 11,776 --a------ C:\WINDOWS\system32\drivers\uwasfsd.sys
2007-11-27 00:22 . 2007-11-28 00:23 1,297,374 ---hs---- C:\WINDOWS\system32\vkxuinbm.ini
2007-11-14 21:03 . 2007-11-24 13:26 1,026,042 ---hs---- C:\WINDOWS\system32\sqxhvwju.ini
2007-11-10 19:19 . 2007-11-14 19:59 802,218 ---hs---- C:\WINDOWS\system32\psskrkbo.ini
2007-11-08 23:08 . 2007-11-10 19:14 772,798 ---hs---- C:\WINDOWS\system32\whchxydu.ini
2007-11-07 23:27 . 2007-11-07 23:27 2,043 --a------ C:\clip_image002.gif
2007-11-07 23:24 . 2007-11-07 23:24 189,560 --a------ C:\skje.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 23:36 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA745B12-C113-4E0B-B91F-23849830E6D3}]
C:\WINDOWS\system32\ddaba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 23:14]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [2002-07-23 17:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 14:37]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"Windows Network Management and Security Layer"="C:\WINDOWS\system32\nmsl.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"Windows Client/Server Runtime Management Layer"="C:\WINDOWS\system32\csrml.exe" [2007-12-02 23:19]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09]
"Windows Network Management and Security Layer"="C:\WINDOWS\system32\nmsl.exe" []
"Windows Client/Server Runtime Management Layer"="C:\WINDOWS\system32\csrml.exe" [2007-12-02 23:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1230649B-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2006 Free\shellext.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjhgf]
jkkjhgf.dll

R2 CSRML;Windows Client/Server Runtime Management Layer;C:\WINDOWS\system32\csrml.exe
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
S2 e36iuaugyuz;Print Spooler Service;C:\WINDOWS\system32\oxzr.exe /service
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-06 22:28:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 23:44:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CSRML]
"ImagePath"=multi:"C:\WINDOWS\system32\csrml.exe\[u]0[/u]0"
.
Completion time: 2007-12-06 23:46:21 - machine was rebooted
.
--- E O F ---
cdt
0
Réponse 7 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
6 déc. 2007 à 00:55
bonsoir
ComboFix 07-12-02.6 - user1 2007-12-06 23:37:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\user1\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\user1\Application Data\SystemDoctor Free
C:\Documents and Settings\user1\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\user1\Application Data\WinAntiSpyware 2006
C:\Documents and Settings\user1\Application Data\WinAntiSpyware 2006\Logs\update.log
C:\Documents and Settings\user1\Application Data\winantispyware2006freeinstall_fr[1].exe
C:\Documents and Settings\user1\err.log
C:\Documents and Settings\user1\ResErrors.log
C:\Program Files\Fichiers communs\SystemDoctor
C:\Program Files\Fichiers communs\SystemDoctor\err.log
C:\Program Files\winantispyware 2006 free
C:\Program Files\WinAntiSpyware 2006 Free\Activate.dat
C:\Program Files\WinAntiSpyware 2006 Free\AsAgents.dll
C:\Program Files\winantispyware 2006 free\AsAgents.xml
C:\Program Files\winantispyware 2006 free\atl71.dll
C:\Program Files\winantispyware 2006 free\bnlink.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\appupdate.dat
C:\Program Files\winantispyware 2006 free\database\AutoProcess.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\dbupdate.dat
C:\Program Files\winantispyware 2006 free\database\enemies.dat
C:\Program Files\winantispyware 2006 free\database\knownfiles.dat
C:\Program Files\winantispyware 2006 free\database\monstate.dat
C:\Program Files\winantispyware 2006 free\database\PortSpec.ats
C:\Program Files\WinAntiSpyware 2006 Free\database\quaratine.dat\#post_quarantine
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\[u]0[/u]\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\1\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\10\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\11\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\11\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\12\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\13\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\15\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\16\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\17\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\18\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\19\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\2\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\20\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\21\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\22\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\23\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\25\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\26\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\27\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\28\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\28\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\29\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\3\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\30\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\31\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\32\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\33\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\34\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\35\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\36\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\37\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\38\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\4\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\40\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\41\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\42\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\43\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\44\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\45\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\46\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\47\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\47\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\48\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\49\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\5\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\50\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\51\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\52\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\53\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\6\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\7\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\8\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\9\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\c__\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\c__\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Menu Démarrer_Programmes_Démarrage\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Menu Démarrer_Programmes_Démarrage\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_user1_Menu Démarrer_Programmes_Démarrage\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_user1_Menu Démarrer_Programmes_Démarrage\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_inf_iereset.inf\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_inf_iereset.inf\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system32_drivers_etc_hosts\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system32_drivers_etc_hosts\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr___shellex_contextmenuhandlers\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr___shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_comfile_shell_open_command\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_comfile_shell_open_command\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_directory_shellex_contextmenuhandlers\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_directory_shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_drive_shellex_contextmenuhandlers\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_drive_shellex_contextmenuhandlers\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_exefile_shell_open_command\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_exefile_shell_open_command\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_folder_shellex_contextmenuhandlers\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_folder_shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_mime_database_content type\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_mime_database_content type\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_protocols\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_protocols\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_search\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_search\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_search\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\user1
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\user1
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_active setup_installed components\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_active setup_installed components\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_code store database_distribution units\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_code store database_distribution units\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_abouturls\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_abouturls\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_explorer bars\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_explorer bars\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_extensions\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_extensions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_main\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_main\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_search\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_search\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_toolbar\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_toolbar\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_urlsearchhooks\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_urlsearchhooks\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_image file execution options\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_image file execution options\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_inifilemapping\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_inifilemapping\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_windows\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_windows\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon_notify\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon_notify\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_wow_boot\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_wow_boot\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_browser helper objects\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_browser helper objects\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_sharedtaskscheduler\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_sharedtaskscheduler\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_shellexecutehooks\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_shellexecutehooks\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer_run\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer_run\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_run\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce_setup\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce_setup\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonceex\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonceex\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shell extensions_approved\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shell extensions_approved\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shellserviceobjectdelayload\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shellserviceobjectdelayload\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_url\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_url\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_windowsupdate_auto update\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_windowsupdate_auto update\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_policies_microsoft_internet explorer_restrictions\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_policies_microsoft_internet explorer_restrictions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_lsa\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_lsa\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_session manager\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_session manager\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_tcpip_parameters_interfaces\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_tcpip_parameters_interfaces\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_winsock2_parameters_protocol_catalog9_catalog_entries\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_winsock2_parameters_protocol_catalog9_catalog_entries\#name
C:\Program Files\winantispyware 2006 free\database\Summary.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\tasks.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\TEBase.dat
C:\Program Files\winantispyware 2006 free\database\threatnet.dat
C:\Program Files\WinAntiSpyware 2006 Free\err.log
C:\Program Files\WinAntiSpyware 2006 Free\InstHelp.exe
C:\Program Files\WinAntiSpyware 2006 Free\lapv.dat
C:\Program Files\winantispyware 2006 free\license.rtf
C:\Program Files\WinAntiSpyware 2006 Free\manual.url
C:\Program Files\WinAntiSpyware 2006 Free\mfc71.dll
C:\Program Files\winantispyware 2006 free\msvcp71.dll
C:\Program Files\WinAntiSpyware 2006 Free\msvcr71.dll
C:\Program Files\winantispyware 2006 free\pv.dat
C:\Program Files\WinAntiSpyware 2006 Free\readme.rtf
C:\Program Files\winantispyware 2006 free\scanlog.xml
C:\Program Files\winantispyware 2006 free\shellext.dll
C:\Program Files\winantispyware 2006 free\shellext.xml
C:\Program Files\winantispyware 2006 free\sr.log
C:\Program Files\winantispyware 2006 free\support.url
C:\Program Files\winantispyware 2006 free\unins000.dat
C:\Program Files\winantispyware 2006 free\unins000.exe
C:\Program Files\winantispyware 2006 free\up.dat
C:\Program Files\winantispyware 2006 free\updater.dat
C:\Program Files\WinAntiSpyware 2006 Free\uwas6chk.dll
C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe
C:\Program Files\WinAntiSpyware 2006 Free\uwasffNT.exe
C:\Program Files\winantispyware 2006 free\vbpv.dat
C:\Program Files\winantispyware 2006 free\was6.exe
C:\Program Files\winantispyware 2006 free\was6.xml
C:\Program Files\winantispyware 2006 free\WAS6V.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\avtjnknk.exe
C:\WINDOWS\system32\bvfidfjv.dll
C:\WINDOWS\system32\cjweixct.dll
C:\WINDOWS\system32\cnuwkdpm.exe
C:\WINDOWS\system32\dfjrepbh.dll
C:\WINDOWS\system32\dpqyhtwu.exe
C:\WINDOWS\system32\eghucbdi.dll
C:\WINDOWS\system32\ejvfxqlo.exe
C:\WINDOWS\system32\epxkknkl.exe
C:\WINDOWS\system32\epyupklh.exe
C:\WINDOWS\system32\fwyhcnic.exe
C:\WINDOWS\system32\ghgqlhjm.exe
C:\WINDOWS\system32\gslpducn.exe
C:\WINDOWS\system32\hbperjfd.ini
C:\WINDOWS\system32\hhdrvact.ini
C:\WINDOWS\system32\hjostexl.exe
C:\WINDOWS\system32\hodqwwvc.exe
C:\WINDOWS\system32\hxcblvrv.exe
C:\WINDOWS\system32\jehatpgs.exe
C:\WINDOWS\system32\ksfsugvf.exe
C:\WINDOWS\system32\kymhdccd.dll
C:\WINDOWS\system32\llxgkopm.dll
C:\WINDOWS\system32\lyexfwgi.exe
C:\WINDOWS\system32\mpokgxll.ini
C:\WINDOWS\system32\ooksdoyt.exe
C:\WINDOWS\system32\orlehcbq.dll
C:\WINDOWS\system32\qannkhpm.exe
C:\WINDOWS\system32\qbchelro.ini
C:\WINDOWS\system32\qihgolrw.exe
C:\WINDOWS\system32\qlivkdeq.exe
C:\WINDOWS\system32\qljveavv.exe
C:\WINDOWS\system32\rjcebnvx.exe
C:\WINDOWS\system32\rnxhxfde.exe
C:\WINDOWS\system32\tcavrdhh.dll
C:\WINDOWS\system32\tcxiewjc.ini
C:\WINDOWS\system32\tvhmhalg.exe
C:\WINDOWS\system32\udwystpb.exe
C:\WINDOWS\system32\vvxprpuj.exe
C:\WINDOWS\system32\wbvltcnw.exe
C:\WINDOWS\system32\yytbdncx.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-06 to 2007-12-06 ))))))))))))))))))))))))))))))))))))
.

2007-12-05 21:58 . 2007-12-05 21:58 25,754 --a------ C:\WINDOWS\IMG-0012.zip
2007-12-03 23:10 . 2007-12-03 23:10 <REP> d-------- C:\VundoFix Backups
2007-12-03 22:17 . 2007-12-03 22:29 1,265,098 ---hs---- C:\WINDOWS\system32\rrpxokdr.ini
2007-12-02 23:19 . 2007-12-02 23:19 191,608 -r-hs---- C:\WINDOWS\system32\csrml.exe
2007-12-02 22:29 . 2007-12-03 22:10 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-01 23:05 . 2007-12-01 23:05 <REP> d-------- C:\Program Files\Trend Micro
2007-12-01 21:59 . 2007-12-03 22:14 1,265,002 ---hs---- C:\WINDOWS\system32\alllhlmo.ini
2007-11-30 19:51 . 2007-12-01 21:00 1,312,305 ---hs---- C:\WINDOWS\system32\uyvdqwyr.ini
2007-11-30 19:41 . 2007-11-30 19:41 <REP> d-------- C:\Documents and Settings\user1\Application Data\AdobeUM
2007-11-30 19:22 . 2007-11-30 19:22 <REP> d-------- C:\Documents and Settings\user1\Application Data\Nokia Multimedia Player
2007-11-30 19:18 . 2007-11-30 19:18 <REP> d-------- C:\Program Files\DIFX
2007-11-30 19:12 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-11-30 18:59 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-11-30 18:59 . 2007-11-30 18:59 <REP> d-------- C:\Documents and Settings\user1\Application Data\PC Suite
2007-11-30 18:59 . 2007-11-30 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-30 18:58 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Nokia
2007-11-30 18:58 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-11-30 18:51 . 2007-11-30 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-11-30 18:47 . 2007-11-30 18:47 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-28 00:24 . 2007-11-30 18:44 1,297,494 ---hs---- C:\WINDOWS\system32\hyyieyfv.ini
2007-11-28 00:21 . 2007-11-28 00:21 <REP> d-------- C:\Program Files\CCleaner
2007-11-27 01:11 . 2007-11-27 01:11 <REP> d-------- C:\Documents and Settings\user1\Application Data\Grisoft
2007-11-27 01:10 . 2007-11-27 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 01:10 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 00:29 . 2006-09-26 13:51 11,776 --a------ C:\WINDOWS\system32\drivers\uwasfsd.sys
2007-11-27 00:22 . 2007-11-28 00:23 1,297,374 ---hs---- C:\WINDOWS\system32\vkxuinbm.ini
2007-11-14 21:03 . 2007-11-24 13:26 1,026,042 ---hs---- C:\WINDOWS\system32\sqxhvwju.ini
2007-11-10 19:19 . 2007-11-14 19:59 802,218 ---hs---- C:\WINDOWS\system32\psskrkbo.ini
2007-11-08 23:08 . 2007-11-10 19:14 772,798 ---hs---- C:\WINDOWS\system32\whchxydu.ini
2007-11-07 23:27 . 2007-11-07 23:27 2,043 --a------ C:\clip_image002.gif
2007-11-07 23:24 . 2007-11-07 23:24 189,560 --a------ C:\skje.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 23:36 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA745B12-C113-4E0B-B91F-23849830E6D3}]
C:\WINDOWS\system32\ddaba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 23:14]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [2002-07-23 17:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 14:37]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"Windows Network Management and Security Layer"="C:\WINDOWS\system32\nmsl.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"Windows Client/Server Runtime Management Layer"="C:\WINDOWS\system32\csrml.exe" [2007-12-02 23:19]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09]
"Windows Network Management and Security Layer"="C:\WINDOWS\system32\nmsl.exe" []
"Windows Client/Server Runtime Management Layer"="C:\WINDOWS\system32\csrml.exe" [2007-12-02 23:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1230649B-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2006 Free\shellext.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjhgf]
jkkjhgf.dll

R2 CSRML;Windows Client/Server Runtime Management Layer;C:\WINDOWS\system32\csrml.exe
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
S2 e36iuaugyuz;Print Spooler Service;C:\WINDOWS\system32\oxzr.exe /service
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-06 22:28:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 23:44:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CSRML]
"ImagePath"=multi:"C:\WINDOWS\system32\csrml.exe\[u]0[/u]0"
.
Completion time: 2007-12-06 23:46:21 - machine was rebooted
.
--- E O F ---
cdt
0
Réponse 8 / 24
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
6 déc. 2007 à 00:58
Re

Ouahou quel ménage ! Je regarde ton rapport de plus pret car il reste encore des choses a virer ;-)

@ suivre
0
Réponse 9 / 24
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
6 déc. 2007 à 01:21
Re

Fais cela


1) MSNFix.zip de !aur3n7

Télécharge MSNFix.zip (de !aur3n7) sur votre bureau:
http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le (clic droit >> Extraire ici) et double clique sur le fichier MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, exécutez l'option N.
--- Sauvegarde ce rapport puis faites un copier/coller de ce rapport sur le forum, ainsi qu'un nouveau scan HijackThis. </gras>

Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.:

Et poste moi le rapport d'MSNFix ainsi qu'un nouveau rapport Hijackthis stp pendant que je "depouille" le rapport de comboFix

@ suivre
0
Réponse 10 / 24
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
6 déc. 2007 à 12:16
Bonjour info 1966

ComboFix avec CFScript

* Sélectionne le texte suivant (en gras) dans son intégralité :

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\DA745B12-C113-4E0B-B91F-23849830E6D3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Client/Server Runtime Management Layer"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Network Management and Security Layer"=-
"Windows Client/Server Runtime Management Layer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjhgf]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1230649B-B980-44A5-B259-9B09EBEA6331}"=-
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CSRML]

File::
C:\WINDOWS\IMG-0012.zip
C:\WINDOWS\system32\rrpxokdr.ini
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\nmsl.exe
C:\WINDOWS\system32\alllhlmo.ini
C:\WINDOWS\system32\uyvdqwyr.ini
C:\WINDOWS\system32\hyyieyfv.ini
C:\WINDOWS\system32\vkxuinbm.ini
C:\WINDOWS\system32\sqxhvwju.ini
C:\WINDOWS\system32\psskrkbo.ini
C:\WINDOWS\system32\whchxydu.ini
C:\clip_image002.gif
C:\WINDOWS\system32\drivers\uwasfsd.sys
C:\skje.exe

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt

Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement

* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton bureau)

* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher (Poste son contenu)

--> Poste en reponse :

* Le rapport de ComboFix qui se trouve ici > C:\ComboFix.txt
* Un nouvel HijackThis
* Le rapport d'MSNFix (enregistré dans le même dossier que MSNFix sous forme date_heure.txt) comme demandé dans poste précedent.

@ suivre


@ suivre
0
Réponse 11 / 24
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
6 déc. 2007 à 14:08
Re

Ne tiens pas compte de mon message précédent, j'ai fait une erreur dans le script

* Sélectionne le texte suivant (en gras) dans son intégralité :


Driver::
uwasfsd

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\DA745B12-C113-4E0B-B91F-23849830E6D3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Client/Server Runtime Management Layer"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Network Management and Security Layer"=-
"Windows Client/Server Runtime Management Layer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjhgf]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1230649B-B980-44A5-B259-9B09EBEA6331}"=-
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\CSRML]

File::
C:\WINDOWS\IMG-0012.zip
C:\WINDOWS\system32\rrpxokdr.ini
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\nmsl.exe
C:\WINDOWS\system32\alllhlmo.ini
C:\WINDOWS\system32\uyvdqwyr.ini
C:\WINDOWS\system32\hyyieyfv.ini
C:\WINDOWS\system32\vkxuinbm.ini
C:\WINDOWS\system32\sqxhvwju.ini
C:\WINDOWS\system32\psskrkbo.ini
C:\WINDOWS\system32\whchxydu.ini
C:\clip_image002.gif
C:\skje.exe

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt

Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement

* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton bureau)

* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.

* Une fois le scan achevé, un rapport va s'afficher (Poste son contenu)

--> Poste en reponse :

* Le rapport de ComboFix qui se trouve ici > C:\ComboFix.txt
* Un nouvel HijackThis
* Le rapport d'MSNFix (enregistré dans le même dossier que MSNFix sous forme date_heure.txt) comme demandé dans poste précedent.

@ suivre
0
Réponse 12 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
6 déc. 2007 à 21:49
bonsoir, en bas les rapports demandés
rapport 1
ComboFix 07-12-02.6 - user1 2007-12-07 20:33:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.73 [GMT 1:00]
Running from: C:\Documents and Settings\user1\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\user1\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\clip_image002.gif
C:\skje.exe
C:\WINDOWS\IMG-0012.zip
C:\WINDOWS\system32\alllhlmo.ini
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\hyyieyfv.ini
C:\WINDOWS\system32\nmsl.exe
C:\WINDOWS\system32\psskrkbo.ini
C:\WINDOWS\system32\rrpxokdr.ini
C:\WINDOWS\system32\sqxhvwju.ini
C:\WINDOWS\system32\uyvdqwyr.ini
C:\WINDOWS\system32\vkxuinbm.ini
C:\WINDOWS\system32\whchxydu.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\clip_image002.gif
C:\skje.exe
C:\WINDOWS\system32\alllhlmo.ini
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\epyupklh.exe
C:\WINDOWS\system32\hyyieyfv.ini
C:\WINDOWS\system32\psskrkbo.ini
C:\WINDOWS\system32\rrpxokdr.ini
C:\WINDOWS\system32\sqxhvwju.ini
C:\WINDOWS\system32\uyvdqwyr.ini
C:\WINDOWS\system32\vkxuinbm.ini
C:\WINDOWS\system32\whchxydu.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_UWASFSD


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-07 to 2007-12-07 ))))))))))))))))))))))))))))))))))))
.

2007-12-03 23:10 . 2007-12-03 23:10 <REP> d-------- C:\VundoFix Backups
2007-12-01 23:05 . 2007-12-01 23:05 <REP> d-------- C:\Program Files\Trend Micro
2007-11-30 19:41 . 2007-11-30 19:41 <REP> d-------- C:\Documents and Settings\user1\Application Data\AdobeUM
2007-11-30 19:22 . 2007-11-30 19:22 <REP> d-------- C:\Documents and Settings\user1\Application Data\Nokia Multimedia Player
2007-11-30 19:18 . 2007-11-30 19:18 <REP> d-------- C:\Program Files\DIFX
2007-11-30 19:12 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-11-30 18:59 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-11-30 18:59 . 2007-11-30 18:59 <REP> d-------- C:\Documents and Settings\user1\Application Data\PC Suite
2007-11-30 18:59 . 2007-11-30 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-30 18:58 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Nokia
2007-11-30 18:58 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-11-30 18:51 . 2007-11-30 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-11-30 18:47 . 2007-11-30 18:47 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-28 00:21 . 2007-11-28 00:21 <REP> d-------- C:\Program Files\CCleaner
2007-11-27 01:11 . 2007-11-27 01:11 <REP> d-------- C:\Documents and Settings\user1\Application Data\Grisoft
2007-11-27 01:10 . 2007-11-27 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 01:10 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 00:29 . 2006-09-26 13:51 11,776 --a------ C:\WINDOWS\system32\drivers\uwasfsd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 23:36 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA745B12-C113-4E0B-B91F-23849830E6D3}]
C:\WINDOWS\system32\ddaba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 23:14]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSNFix"="C:\Documents and Settings\user1\Bureau\MSNFix\MSNFix\MSNFix.bat /pass2" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [2002-07-23 17:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 14:37]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"Windows Network Management and Security Layer"="C:\WINDOWS\system32\nmsl.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09]

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys
S2 e36iuaugyuz;Print Spooler Service;C:\WINDOWS\system32\oxzr.exe /service
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-07 19:28:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 20:36:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 20:38:48 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-06 23:46
.
--- E O F ---
rapport2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:37, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DA745B12-C113-4E0B-B91F-23849830E6D3} - C:\WINDOWS\system32\ddaba.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Windows Network Management and Security Layer] "C:\WINDOWS\system32\nmsl.exe" *
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cbeed71290af40dd8fee2a7fa176e9db
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cbeed71290af40dd8fee2a7fa176e9db
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC367E25-F4CE-405E-86A1-0D71A2F3091E}: NameServer = 212.217.1.17 212.217.0.3
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Print Spooler Service (e36iuaugyuz) - Unknown owner - C:\WINDOWS\system32\oxzr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/user1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
0
Réponse 13 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
6 déc. 2007 à 21:49
bonsoir, en bas les rapports demandés
rapport 1
ComboFix 07-12-02.6 - user1 2007-12-07 20:33:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.73 [GMT 1:00]
Running from: C:\Documents and Settings\user1\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\user1\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\clip_image002.gif
C:\skje.exe
C:\WINDOWS\IMG-0012.zip
C:\WINDOWS\system32\alllhlmo.ini
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\hyyieyfv.ini
C:\WINDOWS\system32\nmsl.exe
C:\WINDOWS\system32\psskrkbo.ini
C:\WINDOWS\system32\rrpxokdr.ini
C:\WINDOWS\system32\sqxhvwju.ini
C:\WINDOWS\system32\uyvdqwyr.ini
C:\WINDOWS\system32\vkxuinbm.ini
C:\WINDOWS\system32\whchxydu.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\clip_image002.gif
C:\skje.exe
C:\WINDOWS\system32\alllhlmo.ini
C:\WINDOWS\system32\csrml.exe
C:\WINDOWS\system32\epyupklh.exe
C:\WINDOWS\system32\hyyieyfv.ini
C:\WINDOWS\system32\psskrkbo.ini
C:\WINDOWS\system32\rrpxokdr.ini
C:\WINDOWS\system32\sqxhvwju.ini
C:\WINDOWS\system32\uyvdqwyr.ini
C:\WINDOWS\system32\vkxuinbm.ini
C:\WINDOWS\system32\whchxydu.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_UWASFSD


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-07 to 2007-12-07 ))))))))))))))))))))))))))))))))))))
.

2007-12-03 23:10 . 2007-12-03 23:10 <REP> d-------- C:\VundoFix Backups
2007-12-01 23:05 . 2007-12-01 23:05 <REP> d-------- C:\Program Files\Trend Micro
2007-11-30 19:41 . 2007-11-30 19:41 <REP> d-------- C:\Documents and Settings\user1\Application Data\AdobeUM
2007-11-30 19:22 . 2007-11-30 19:22 <REP> d-------- C:\Documents and Settings\user1\Application Data\Nokia Multimedia Player
2007-11-30 19:18 . 2007-11-30 19:18 <REP> d-------- C:\Program Files\DIFX
2007-11-30 19:12 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-11-30 18:59 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-11-30 18:59 . 2007-11-30 18:59 <REP> d-------- C:\Documents and Settings\user1\Application Data\PC Suite
2007-11-30 18:59 . 2007-11-30 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-30 18:58 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Nokia
2007-11-30 18:58 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-11-30 18:51 . 2007-11-30 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-11-30 18:47 . 2007-11-30 18:47 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-28 00:21 . 2007-11-28 00:21 <REP> d-------- C:\Program Files\CCleaner
2007-11-27 01:11 . 2007-11-27 01:11 <REP> d-------- C:\Documents and Settings\user1\Application Data\Grisoft
2007-11-27 01:10 . 2007-11-27 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 01:10 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 00:29 . 2006-09-26 13:51 11,776 --a------ C:\WINDOWS\system32\drivers\uwasfsd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 23:36 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA745B12-C113-4E0B-B91F-23849830E6D3}]
C:\WINDOWS\system32\ddaba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 23:14]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSNFix"="C:\Documents and Settings\user1\Bureau\MSNFix\MSNFix\MSNFix.bat /pass2" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [2002-07-23 17:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 14:37]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"Windows Network Management and Security Layer"="C:\WINDOWS\system32\nmsl.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09]

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys
S2 e36iuaugyuz;Print Spooler Service;C:\WINDOWS\system32\oxzr.exe /service
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-07 19:28:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 20:36:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 20:38:48 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-06 23:46
.
--- E O F ---
rapport2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:37, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DA745B12-C113-4E0B-B91F-23849830E6D3} - C:\WINDOWS\system32\ddaba.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Windows Network Management and Security Layer] "C:\WINDOWS\system32\nmsl.exe" *
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cbeed71290af40dd8fee2a7fa176e9db
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cbeed71290af40dd8fee2a7fa176e9db
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC367E25-F4CE-405E-86A1-0D71A2F3091E}: NameServer = 212.217.1.17 212.217.0.3
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Print Spooler Service (e36iuaugyuz) - Unknown owner - C:\WINDOWS\system32\oxzr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/user1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
0
Réponse 14 / 24
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
7 déc. 2007 à 00:27
Bonsoir info1966

On continu :


1) ComboFix avec CFScript

* Sélectionne le texte suivant (en gras) dans son intégralité :

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\DA745B12-C113-4E0B-B91F-23849830E6D3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Network Management and Security Layer"=-

File::
C:\WINDOWS\system32\drivers\uwasfsd.sys

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton bureau)

* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher, ferme le et ferme ComboFix

2) Lance HijackThis.

Je te conseille d'enregistrer toutes les lignes a fixer puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.

Lance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Clique sur Scan Only et coche les lignes suivantes :


O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Windows Network Management and Security Layer] "C:\WINDOWS\system32\nmsl.exe" *
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: Print Spooler Service (e36iuaugyuz) - Unknown owner - C:\WINDOWS\system32\oxzr.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/user1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif


Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connections Internet.
Clique sur Fix Checked puis clique sur OK
Puis ferme HijackThis.

3) Suppression service néfaste

* « Démarrer » / « Exécuter»

Puis tape

sc stop Print "Spooler Service" et valide par ok

* « Démarrer » / « Exécuter»

Puis tape

sc delete "Spooler Service" et valide par ok

Note : Il faut respecter les espaces et les guillemets

4) Rapports :

--> Poste en reponse :

* Le rapport de ComboFix qui se trouve ici > C:\ComboFix.txt
* Un nouvel HijackThis

@ suivre
0
Réponse 15 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
7 déc. 2007 à 23:12
bonsoir
ComboFix 07-12-02.6 - user1 2007-12-08 21:28:11.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.72 [GMT 1:00]
Running from: C:\Documents and Settings\user1\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\user1\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drivers\uwasfsd.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\uwasfsd.sys

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-08 to 2007-12-08 ))))))))))))))))))))))))))))))))))))
.

2007-12-03 23:10 . 2007-12-03 23:10 <REP> d-------- C:\VundoFix Backups
2007-12-01 23:05 . 2007-12-01 23:05 <REP> d-------- C:\Program Files\Trend Micro
2007-11-30 19:41 . 2007-11-30 19:41 <REP> d-------- C:\Documents and Settings\user1\Application Data\AdobeUM
2007-11-30 19:22 . 2007-11-30 19:22 <REP> d-------- C:\Documents and Settings\user1\Application Data\Nokia Multimedia Player
2007-11-30 19:18 . 2007-11-30 19:18 <REP> d-------- C:\Program Files\DIFX
2007-11-30 19:12 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-11-30 18:59 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-11-30 18:59 . 2007-11-30 18:59 <REP> d-------- C:\Documents and Settings\user1\Application Data\PC Suite
2007-11-30 18:59 . 2007-11-30 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-30 18:58 . 2007-11-30 19:12 <REP> d-------- C:\Program Files\Nokia
2007-11-30 18:58 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-11-30 18:51 . 2007-11-30 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-11-30 18:47 . 2007-11-30 18:47 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-28 00:21 . 2007-11-28 00:21 <REP> d-------- C:\Program Files\CCleaner
2007-11-27 01:11 . 2007-11-27 01:11 <REP> d-------- C:\Documents and Settings\user1\Application Data\Grisoft
2007-11-27 01:10 . 2007-11-27 01:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 01:10 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 23:36 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA745B12-C113-4E0B-B91F-23849830E6D3}]
C:\WINDOWS\system32\ddaba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 23:14]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" [2002-07-23 17:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 14:37]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-30 05:34:14]
DSLMON.lnk - C:\Program Files\Menara\dslmon.exe [2006-10-06 20:04:20]

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys
S2 e36iuaugyuz;Print Spooler Service;C:\WINDOWS\system32\oxzr.exe /service
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-08 20:28:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 21:29:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 21:30:42
C:\ComboFix2.txt ... 2007-12-07 20:38
C:\ComboFix3.txt ... 2007-12-06 23:46
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:23, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DA745B12-C113-4E0B-B91F-23849830E6D3} - C:\WINDOWS\system32\ddaba.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cbeed71290af40dd8fee2a7fa176e9db
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cbeed71290af40dd8fee2a7fa176e9db
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC367E25-F4CE-405E-86A1-0D71A2F3091E}: NameServer = 212.217.1.17 212.217.0.3
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Print Spooler Service (e36iuaugyuz) - Unknown owner - C:\WINDOWS\system32\oxzr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
0
Réponse 16 / 24
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
8 déc. 2007 à 01:07
Bonsoir

Bien joué, on continu

Je te conseille d'enregistrer la page en sélectionnant toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.
(Note: tu n'auras pas accès à Internet à partir du moment ou te redémarreras en mode sans échec)
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la désinfection

1) Telecharge

-- CCleaner
https://www.ccleaner.com/ccleaner/download
Choisi de préférence la version SLIM-No Toolbar.
Installe-le en prenant soin de décocher les diverses options dont la barre Yahoo et la mise à jour.
Lance CCleaner puis Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Pour les autres paramètres, laisse-le avec ses réglages par défaut.
Ferme le programme pour l’instant.

-- Avira AntiVir PersonalEdition Classic
https://www.avira.com/
Double clique sur son set up sur ton Bureau pour lancer l’installation.
Effectue sa mise a jour comme proposé.
(Le scan (FileWalker) se lance de manière automatique en fin d'installation, ferme le pour le moment. )
Clique droit sur l'icone d'Antivir dans ta barre des taches (en bas a droite) puis "Configure Antivir"
Paramètre le comme indiqué ici : http://speedweb1.free.fr/frames2.php?page=tuto5
(ou la : https://www.malekal.com/avira-free-security-antivirus-gratuit/ )

2) Redémarre en mode sans échec

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuyer sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuyer sur [Entrée]
Il te faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.

Voir si besoin C) https://forum.pcastuces.com/sujet.asp?f=25&s=3902

3) Suppression service néfaste

* « Démarrer » / « Exécuter»

Puis tape

sc stop "Print Spooler Service" et valide par ok

* « Démarrer » / « Exécuter»

Puis tape

sc delete "Print Spooler Service" et valide par ok

Note : Il faut respecter les espaces et les guillemets

4) Lance HijackThis.

Je te conseille d'enregistrer toutes les lignes a fixer puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.

Lance Hijackthis en double cliquant sur son raccourci sur le Bureau.
Clique sur Scan Only et coche les lignes suivantes :

O2 - BHO: (no name) - {DA745B12-C113-4E0B-B91F-23849830E6D3} - C:\WINDOWS\system32\ddaba.dll (file missing)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connections Internet.

Clique sur Fix Checked puis clique sur OK
Puis ferme HijackThis.

5) Scan Antivirus et nettoyage avec Avira Antivir

Clique droit sur l’icône d’Antivir dans ta barre des taches (en bas a droite) puis « start Antivir »
Clique sur l’onglet « scanner » puis vérifie a RootKit search et Manuelle détection (en développant avec la petite croix devant chacun d'eux) que tous tes disques durs soient bien cochés, puis clique sur la loupe (en dessous de statut)
Une fenêtre va s’ouvrir "Luke Filewalker" le scan va démarrer.

Mets tout ce qu il trouve en "quarantine"

Une fois le scan achevé, ferme les deux fenêtres d'Antivir et sauvegarde le rapport (qui vient d'apparaître), sur ton Bureau.

6) Suppression de fichiers inutiles avec CCleaner

Lance CCleaner en double-cliquant sur son raccourci sur le bureau.
Puis dans le menu Nettoyeur
Clique sur Analyse (laisser travailler cela peut durer longtemps la 1ere fois)
Clique sur le bouton Lancer le nettoyage.
Clique une seconde fois sur le bouton Lancer le nettoyage puis ferme CCleaner.

7) Rapports

Fais redémarrer le PC en mode normal puis poste en réponse :

* Un nouveau rapport HijackThis
* Le rapport d'Antivir que tu as sauvegardé sur ton Bureau.

Bon courage,

@ suivre
0
Réponse 17 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
14 déc. 2007 à 00:01
bonsoir
le rapport d'abtivir :


AntiVir PersonalEdition Classic
Report file date: vendredi 14 décembre 2007 21:58

Scanning for 970579 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: user1
Computer name: USER

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 20:38:17
ANTIVIR3.VDF : 7.0.1.75 203264 Bytes 11/12/2007 20:38:17
AVEWIN32.DLL : 7.6.0.40 3064320 Bytes 12/12/2007 20:38:18
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 14 décembre 2007 21:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: vendredi 14 décembre 2007 22:37
Used time: 38:46 min

The scan has been done completely.

2915 Scanning directories
148753 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
148753 Files not concerned
998 Archives were scanned
1 Warnings
0 Notes
rapport HijackThis ( suite )
0
Réponse 18 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
14 déc. 2007 à 00:02
bonsoir ( suite )
rapport HijackThis ( suite )9 message(s) posté(s) depuis le lundi 3 décembre 2007
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:33, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cbeed71290af40dd8fee2a7fa176e9db
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cbeed71290af40dd8fee2a7fa176e9db
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC367E25-F4CE-405E-86A1-0D71A2F3091E}: NameServer = 212.217.1.17 212.217.0.3
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Print Spooler Service (e36iuaugyuz) - Unknown owner - C:\WINDOWS\system32\oxzr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
0
Réponse 19 / 24
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
14 déc. 2007 à 00:54
Bonsoir Info1966

Bien joué .

A part pour les réglages d antivir

Search for rootkits..............: off cela aurait été bien que la recherche de rootkits soit activée :

Clique droit sur l’icône d’Antivir dans ta barre des taches (en bas a droite) puis « start antivir »
Clique sur l’onglet « scanner » puis vérifie a RootKit search et Manuelle détection (en développant avec la petite croix devant chacun d'eux) que tous tes disques durs soient bien cochés, puis clique sur la loupe (en dessous de statut)
Une fenêtre va s’ouvrir "Luke Filewalker"... le scan va démarrer.
Mets tout ce qu il trouve en "quarantine"
Une fois le scan achevé, ferme les deux fenêtres d'Antivir et sauvegarde le rapport (qui vient d'apparaître), sur ton Bureau.

Je regarde ton rapport et si ton PC va bien , @ toi de me le confirmer

Alors, on pourra supprimer certains outils utilisés, je t'expliquerai lesquels et comment, puis on fera un scan en ligne de verification et on pourra conclure apres cela ;)

@ suivre
0
Réponse 20 / 24
info1966 Messages postés 13 Date d'inscription lundi 3 décembre 2007 Statut Membre Dernière intervention 27 décembre 2007
17 déc. 2007 à 23:14
bonjour


AntiVir PersonalEdition Classic
Report file date: mardi 18 décembre 2007 21:22

Scanning for 970579 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: user1
Computer name: USER

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 20:38:17
ANTIVIR3.VDF : 7.0.1.75 203264 Bytes 11/12/2007 20:38:17
AVEWIN32.DLL : 7.6.0.40 3064320 Bytes 12/12/2007 20:38:18
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 18 décembre 2007 21:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'MPAPI3s.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'PcSync2.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'Vm_sti.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '25' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\epyupklh.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.E
[INFO] The file was moved to '47e134a7.qua'!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: mardi 18 décembre 2007 22:01
Used time: 38:59 min

The scan has been done completely.

2880 Scanning directories
147712 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
147711 Files not concerned
993 Archives were scanned
2 Warnings
0 Notes

cdt
0

Discussions similaires

SMS inconnu reçu
nanajim -
nanajim -

9 réponses
Vous connaissez un forum de discussion sympa ?
Valentino121 -
LannaFrank -

3 réponses
Mon compte s'abonne tout seul à d'autres comptes
Mathieu -
Vini_9442 -

11 réponses
Numéro de tél étrangé pour un appel en France
Rikoo -
Stef -

18 réponses
Je ne peux plus m’abonner à des gens sur tik tok
Clem -
VincentVoltaCCM -

8 réponses